FULL PRODUCT VERSION :
java version "1.6.0_10"
Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
Java HotSpot(TM) Client VM (build 11.0-b15, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
PKCS#11 library interface version 2.01
flags 0
manufacturerID "nCipher Corp. Ltd"
libraryDescription "nCipher PKCS#11 1.58.48"
implementation version 1.58
A DESCRIPTION OF THE PROBLEM :
A public key from a key pair generated with the SunPKCS11 provider and nCipher (an elliptic curve key, e.g. with curve prime256v1) cannot be encoded with publicKey.getEncoded().
nCipher returns the DER-encoded key correctly (debug output):
2008-10-17 15:30:32 [4048] t3700: pkcs11: 000008CB < CKA_EC_POINT
pAtt->pValue= 67 bytes
04410438 70a3889c eb8aca99 5cca05b2 7667ccaa 8f272e0c 7a535af5 79d31993
8f962902 dbd859d7 24d6f1c1 b870654b 8faf41f2 41202134 7b59fc72 2a681023
5ab4e6
2008-10-17 15:30:32 [4048] t3700: pkcs11: 000008CB < CKA_EC_PARAMS
pAtt->pValue= 10 bytes
06082a86 48ce3d03 0107
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Generate an EC key pair with the SunPKCS11 provider.
Get the public key.
Call getEncoded() on it.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The DER-encoded public EC key
ACTUAL -
java.lang.RuntimeException
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.RuntimeException: Could not parse key values
at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:1005)
at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1015)
at sun.security.pkcs11.P11Key.getEncoded(P11Key.java:109)
at Test.run(Test.java:45)
at Test.main(Test.java:52)
Caused by: java.io.IOException: Point does not match field size
at sun.security.ec.ECParameters.decodePoint(ECParameters.java:75)
at sun.security.pkcs11.P11ECKeyFactory.decodePoint(P11ECKeyFactory.java:61)
at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:1002)
... 4 more
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import sun.security.pkcs11.SunPKCS11;

public class Test {

    private Test() {
        // Build the SunPKCS11 configuration in memory and register the provider.
        ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
        PrintStream ps = new PrintStream(byteStream);
        ps.println("name = nCipher");
        ps.println("library = c:/nfast/toolkits/pkcs11/cknfast.dll");
        ps.println("attributes = compatibility");
        ps.println("slotListIndex = 0"); // nCipher module slot
        ps.println("attributes(*, CKO_PRIVATE_KEY, *) = {");
        ps.println(" CKA_DERIVE = false");
        ps.println(" CKA_SENSITIVE = true");
        ps.println(" CKA_EXTRACTABLE = false");
        ps.println(" CKA_TOKEN = true");
        ps.println("}");
        ps.println("attributes(*, CKO_PUBLIC_KEY, *) = {");
        ps.println(" CKA_TOKEN = true");
        ps.println("}");
        InputStream config = new ByteArrayInputStream(byteStream.toByteArray());
        Provider pkcs11Provider = new SunPKCS11(config);
        Security.addProvider(pkcs11Provider);
    }

    private void run() throws Exception {
        KeyPairGenerator asymKeyGen = KeyPairGenerator.getInstance("EC", "SunPKCS11-nCipher");
        // 1.2.840.10045.3.1.7 is the OID of prime256v1.
        asymKeyGen.initialize(new ECGenParameterSpec("1.2.840.10045.3.1.7"));
        // getEncoded() throws the RuntimeException shown above.
        byte[] encodedPublicKey = asymKeyGen.genKeyPair().getPublic().getEncoded();
        // ...
    }

    public static void main(String[] args) {
        try {
            (new Test()).run();
        } catch (Throwable e) {
            e.printStackTrace();
            System.exit(1);
        }
        System.exit(0);
    }
}
---------- END SOURCE ----------
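
The 67-byte CKA_EC_POINT value in the debug output starts with 04 41, a DER OCTET STRING header announcing 65 bytes, followed by the 65-byte uncompressed point (04 || X || Y) for a 32-byte field. A decoder that expects exactly 65 bytes sees a length mismatch, which is consistent with the "Point does not match field size" error. The following is an added example, not code from the report or from the JDK: a tolerant decoder, with the hypothetical names EcPointAttr, decode and unwrapOctetString, that accepts either form for uncompressed points and checks the lengths before use.

```java
import java.math.BigInteger;
import java.security.spec.ECPoint;
import java.util.Arrays;

public class EcPointAttr {
    // CKA_EC_POINT value copied from the debug output in the report (67 bytes).
    static final String REPORTED = "0441043870a3889ceb8aca995cca05b27667ccaa8f272e0c7a535af579d31993"
        + "8f962902dbd859d724d6f1c1b870654b8faf41f2412021347b59fc722a6810235ab4e6";

    // Decode an uncompressed point that is either raw (04||X||Y) or wrapped in a DER OCTET STRING.
    static ECPoint decode(byte[] v, int fieldLen) {
        int rawLen = 1 + 2 * fieldLen;
        if (v.length != rawLen) v = unwrapOctetString(v);
        if (v.length != rawLen || v[0] != 0x04)
            throw new IllegalArgumentException("not an uncompressed point for this field size");
        BigInteger x = new BigInteger(1, Arrays.copyOfRange(v, 1, 1 + fieldLen));
        BigInteger y = new BigInteger(1, Arrays.copyOfRange(v, 1 + fieldLen, rawLen));
        return new ECPoint(x, y);
    }

    // Strip a DER OCTET STRING header (tag 0x04, definite length), checking the length field.
    static byte[] unwrapOctetString(byte[] v) {
        if (v.length < 2 || v[0] != 0x04)
            throw new IllegalArgumentException("not a DER OCTET STRING");
        int len = v[1] & 0xff, off = 2;
        if (len >= 0x80) { // long form: the low 7 bits count the length bytes that follow
            int n = len & 0x7f;
            if (n == 0 || n > 2 || v.length < 2 + n)
                throw new IllegalArgumentException("unsupported DER length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (v[off++] & 0xff);
        }
        if (len != v.length - off)
            throw new IllegalArgumentException("DER length does not match value");
        return Arrays.copyOfRange(v, off, v.length);
    }

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) {
        ECPoint q = decode(hex(REPORTED), 32); // prime256v1 has a 32-byte field
        System.out.println("X = " + q.getAffineX().toString(16));
        System.out.println("Y = " + q.getAffineY().toString(16));
    }
}
```

The decoder does not check that the point lies on the curve; a caller that uses the coordinates should validate them against the curve parameters from CKA_EC_PARAMS.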